About Viruses
Written by Dave Bauer   
Sunday, 27 April 2008 06:28
 

 

How do viruses work?

Typically, a virus exploits either a 'well-known' or recently discovered vulnerability in an application (like Outlook, or Word) or an Operating System (like Windows). Once these vulnerabilities are discovered, patches are quickly created and published to fix the vulnerability. So, if a computer is kept current with these patches, it is far less likely to become infected. It is important to point out that "less likely" does NOT mean "immune".

Viruses also take advantage of human vulnerabilities. This is the knowledge that "If you email it, they will open it." The fact that people continue to open attachments from people they don’t know, and open attachments that are executable, will ensure that viruses are here to stay.

 

Microsoft Windows Update:

Microsoft has made available a tool called "Windows Update". This is a tool that makes checking for and applying patches to Microsoft products quick and easy. You can access this tool by clicking on Start → Windows Update, or from Internet Explorer by clicking on Tools → Windows Update. If you do not see this in either location, simply open your web browser and go to http://www.windowsupdate.com. It is highly recommended that you ALWAYS apply ALL "Critical Updates".

 

How do viruses spread?

Most viruses today are Worms. Worms propagate themselves using email. Normally, when a Worm infects a computer, it will email a copy of itself to everyone in the infected computer’s address book EACH time the Worm is activated (or triggered).

Other viruses spread over networks (the Internet is a network). They take advantage of open ports and various services that may be running on your computer. This is also how a hacker can get into your computer. A "Personal Firewall" is an important line of defense against these viruses and attacks.

Still other viruses spread the old-fashioned way, from sharing files or floppies. You can even get a virus from visiting a web page.

 

Personal Firewalls:

Picture a "Firewall" as a security guard outside of a building. When someone comes up to the security desk, they have to tell the security guard who they are and where they are going. The security guard will then check to see if that person may enter or not and will either grant or deny access. This is what a firewall does at your network connection (your connection to the Internet) for your computer. Firewalls can be either hardware or software based. Typically, a "Personal Firewall" is software based.

You can purchase "Personal Firewall" software from various software companies such as Trend Micro, or ZoneLab's "ZoneAlarm Pro", or Pearson Software's "Black Ice". I recommend the FREE version of ZoneAlarm. It has all of the basic features that you need to keep your computer reasonably secure from Internet threats, and it's free.

 

About file types:

In Windows, file types are distinguished by their file ‘extension’. An extension is the text that follows the last ‘dot’ in the file name. For example the extension of "Program.exe" is "exe", the extension of "Document.doc" is "doc" and the extension of "Java.js" is "js".

These extensions tell Windows what kind of file it is. An EXE file is an ‘executable’ file, meaning it has the ability to do things. A DOC file is a Word document which, by itself, doesn’t have the ability to do anything because it is a data file. Some data files can contain "Macros", which are small programs embedded in those documents. So, just because a file is not an executable file doesn’t mean that it is safe to open.

 

What types are dangerous?

ANY file that is executable can be dangerous. The primary executable files that are used for viruses are EXE, VBS, JS, HTA, and COM with VBS being the most common among this group.

NOTE: There are more executables than those listed here, too many to mention. These are the most common executables used for viruses.

Files that can contain Macros are DOC, XLS, PPT, and MDB among others with DOC being the most common vehicle for Macro Viruses.

 

Disguising file types

To infect the computers of those who have learned which file types to avoid, virus authors are getting more creative in how they name attachments. What they do is put a ‘double extension’ on the file. For example, a file could be named "Picture.jpg.vbs". If you are not careful, you read "Picture.jpg", figure it’s an image file and you open it. But it’s actually a VBS file. Now you have a virus.
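
The extension rules from the last three sections, applied to the attachments of an e-mail message, as an added example that is not part of the original article. The function names and the sample message are constructed for illustration, and the extension lists are only the ones this article names.

```python
from email.message import EmailMessage
from pathlib import PureWindowsPath

# Extension lists taken from this article; real deployments need longer lists.
EXECUTABLE = {"exe", "vbs", "js", "hta", "com"}
MACRO_CAPABLE = {"doc", "xls", "ppt", "mdb"}

def classify(filename):
    """Return (verdict, real_extension) for one attachment name."""
    # Drop any directory part, then take the text after the LAST dot,
    # which is what Windows uses to decide the file type.
    name = PureWindowsPath(filename).name.strip()
    parts = name.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext in EXECUTABLE:
        # A name like Picture.jpg.vbs has a decoy extension before the real one.
        disguised = len(parts) > 2 and parts[-2] != ""
        return ("executable-disguised" if disguised else "executable", ext)
    if ext in MACRO_CAPABLE:
        return ("macro-capable", ext)
    return ("no-match", ext)

def screen_message(msg):
    """Classify every attachment in a parsed e-mail message."""
    return {part.get_filename(): classify(part.get_filename())
            for part in msg.iter_attachments()}

def build_sample():
    """Constructed sample message with harmless placeholder attachments."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "Photos"
    msg.set_content("See attached.")
    for name in ["Picture.jpg.vbs", "Report.DOC", "Setup.exe", "Holiday.jpg"]:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg

if __name__ == "__main__":
    for name, (verdict, ext) in screen_message(build_sample()).items():
        print(f"{name:20} {verdict:22} real extension: {ext or '-'}")
```

A "no-match" verdict only means the name is not on this article's short lists; it does not mean the file is safe to open.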

 

But, I know the person who sent it to me.

As described in "How do viruses spread?", Worms will email a copy of themselves to everyone in an infected computer’s address book. If someone you know has a Worm, then their computer would be sending you a copy of the Worm. The person whose computer the Worm was sent from will likely not yet know that they have a virus.

Also, many Worms will do something called ‘Spoofing’, which means that the Worm will pick an email address from the infected computer’s address book, use that address in the ‘From’ field, and email itself to everyone else in the address book. So everyone who receives this email is led to believe that it came from someone else.

 

About anti-virus software:

Good anti-virus software is your front-line of defense against viruses. It will have the ability to scan your whole computer at once as well as provide real-time protection. Real-time protection means that the anti-virus software is always running in the background. So, when you open a file that is a virus, or contains a virus, it is identified as a virus and neutralized before it can do anything.

There are two main components of anti-virus software, the scanning engine, and the definitions.

    • DEFINITIONS: Are a set of criteria that enable the virus software to identify a virus. These criteria can be based on file name, size, content or all of the above. Definitions also provide instructions to the Scanning Engine on how to disable and remove the virus. These are updated very regularly during the year, usually on a weekly basis.
    • SCANNING ENGINE: Is the actual software that examines the files and compares them against the virus definitions to determine if it is (or contains) a virus. If it is (or contains) a virus, then the file is either repaired, isolated, or deleted depending on settings which you can establish.

I recommend Trend Micro. For the last 18 months or so, whenever there has been a major Virus out, Trend Micro has invariably been the first company to have an answer for it.

 

How to avoid viruses:

  1. Do NOT open attachments from people you do not know, or that are executable.
  2. Install a "Personal Firewall". The FREE version of ZoneAlarm is usually sufficient.
  3. Do NOT open attachments from people you do not know, or that are executable.
  4. Make sure your computer is completely patched. Check this on a regular basis.
    • If you are at an office, make sure that the person in charge of your computers is keeping them up to date.
    • If you are at home, or at a small office, and you are responsible for keeping your computer up to date, use Windows Update. This is a service provided by Microsoft freely, and they encourage you to use it. Windows Update is available by…
      • Clicking on Start → Windows Update
      • Or, from Internet Explorer, clicking on Tools → Windows Update
  5. Do NOT open attachments from people you do not know, or that are executable.
  6. Buy name-brand anti-virus software and keep the definitions up to date (you should be able to set this up to occur automatically). Upgrade this software each year because it is just as important to keep the engine (software) current as it is to keep the definitions current. I highly recommend Trend Micro. They have been first to respond to virus outbreaks for some time now.
  7. Do NOT open attachments from people you do not know, or that are executable.

 

Copyright 2005 Dave Bauer. All Rights Reserved
Last Updated ( Sunday, 27 April 2008 21:20 )
 
 
